On Wed, Nov 08, 2006 at 02:46:35PM -0500, Daniel Ouellet wrote:
>
> So, I see absolutely nothing wrong with this, but only huge benefit.

with the "not" wildcard stuff, it seems like that would perhaps be a bit
heavier to implement than the "definitely is" matching. grep vs. egrep,
only for spamd itself... it'd have to take all the "not" stuff you do and
handle that gracefully.

think of pf for a second... if you said

    block drop from !$host_one to any
    block drop from !$host_two to any
    block drop from !$host_three to any

that would screw anything that isn't destined to $host_three, or if you
are a first-match pirate and decide to "quick" everything, anything that's
not $host_one. wouldn't do what you want.

granted, you could put them all in a table and then

    block drop from !<table_of_hosts> to any

but that only works because pf has that logic implemented. spamd is a
different critter, and if it isn't *trivial* to implement that kind of
thing, *my* vote is for a shared database structure to be what receives
development effort as opposed to a wildcard greytrap subsystem.

in the meantime, have you considered handling this yourself and just using
the maillog to your advantage? for example, you can grep maillog looking
for loglines referencing invalid users /for your local domains/.

i'm using the following to add bullshit addresses to the greytrap, probably
could kill the 'zegrep' vs. 'egrep' stuff because it looks like zegrep
gracefully handles non-gzipped stuff, but whatever. i don't paste this
because i say "copy and paste this and use it", but rather, check this out
for an idea and do it in your own way.

-------------------------------
#!/bin/sh

[ "${1}X" = "-nX" ] && DEBUG=/bin/echo

# hard-list total bullshit addresses at the top here,
# the rest will be picked up from current and last maillog
ADDRS=""
ADDRS="$ADDRS [EMAIL PROTECTED]"
ADDRS="$ADDRS [EMAIL PROTECTED]"

[ -r /var/log/maillog.0.gz ] && ADDRS="$ADDRS $(
  zegrep "(ice-nine\.org|nodeless\.net)>... User unknown$" /var/log/maillog.0.gz \
  | awk '{ print $7 }' \
  | sed -ne 's/[<>]//g' -e 's/\.\.\.$//' -ep \
  | sort -u
)"

[ -r /var/log/maillog ] && ADDRS="$ADDRS $(
  egrep "(ice-nine\.org|nodeless\.net)>... User unknown$" /var/log/maillog \
  | awk '{ print $7 }' \
  | sed -ne 's/[<>]//g' -e 's/\.\.\.$//' -ep \
  | sort -u
)"

# cut out duplicates from the two log snarfs above
if [ ! -z "${ADDRS}" ]; then
  ADDRS=$(echo "${ADDRS}" | xargs -rn1 | sort -u)
fi

# out with the old
for i in $(spamdb | sed -ne '/^SPAMTRAP|<\(.*\)>/s//\1/p'); {
  ${DEBUG} spamdb -Td "<${i}>"
};

# in with the new
for i in ${ADDRS}; {
  ${DEBUG} spamdb -Ta "<${i}>"
};
-------------------------------

--
jared
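
Added example, not part of the original message: a toy shell model of the pf comparison above, evaluating three chained negated block rules (with and without "quick") against one negated table. It assumes pf's last-match-wins evaluation with an implicit pass when nothing matches, looks only at the source address, and uses constructed sample addresses.

```sh
#!/bin/sh
# Toy model of pf evaluation: the last matching rule wins, "quick" stops at
# the first match, and a packet matching no rule passes (assumed default).
# All addresses are constructed sample values.

host_one=192.0.2.1
host_two=192.0.2.2
host_three=192.0.2.3
table_of_hosts="$host_one $host_two $host_three"

# chained_negations SRC [quick]: verdict for the rule set
#   block drop [quick] from !$host_one to any
#   block drop [quick] from !$host_two to any
#   block drop [quick] from !$host_three to any
chained_negations() {
    verdict=pass
    for h in $host_one $host_two $host_three; do
        # "from !$h" matches every source that is not $h
        if [ "$1" != "$h" ]; then
            verdict=block
            if [ "${2:-}" = quick ]; then break; fi
        fi
    done
    echo "$verdict"
}

# negated_table SRC: verdict for the single rule
#   block drop from !<table_of_hosts> to any
negated_table() {
    for h in $table_of_hosts; do
        # a table member does not match "!<table>", so the rule is skipped
        if [ "$1" = "$h" ]; then echo pass; return 0; fi
    done
    echo block
}

# Compare the three approaches for two listed hosts and one outsider.
for src in $host_one $host_three 203.0.113.9; do
    echo "$src chained=$(chained_negations "$src")" \
         "quick=$(chained_negations "$src" quick)" \
         "table=$(negated_table "$src")"
done
```

Each negated rule is tested on its own, so a listed host still matches the rules that negate the other hosts; only the table form evaluates "not any of these" as one condition.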